CIP Standards: Physical Security of BES Cyber Systems (CIP R1); System Security Management (CIP R1-R5)

GE support for security and NERC CIP 5 compliance:

- Hardware options include a secure physical network rack. This rack can include a key lock and/or keycard access, including electronic contact switches that alert security personnel when the rack is opened.
- Secure and documented Chain of Custody in development and throughout the lifecycle, including ongoing delivery of cyber security updates. These updates are transmitted to site via secure sealed shipping envelope. In addition, the CD/DVD includes a hash file to validate that the CD/DVD contents have not been altered.
- GE provides and maintains a list of required listening ports and services for both normal and emergency operations.
- GE provides hardened switch and HMI configurations to disable unused ports and services.
- Through GE's CAP subscription service, the Responsible Entity receives a complete Baseline Configuration Report for all items in our scope of supply. Each month any baseline configuration changes (for example, by security update) are reported to the Responsible Entity.
- The CAP Program includes:
  - Monthly validated patch lists, including any workarounds
  - System Design, Reliability, and Configuration Baseline Documentation
  - When applicable, Cyber Security Technical Information Letter (TIL)
  - Review of impacts to Ports and Services
  - CAP Security Subscription validated testing procedures certificate
  - Patch applicability reporting showing impact, and vulnerability assessment procedures
- CAP includes ongoing monthly updates for Malicious Code Preventions including Antivirus, Operating System updates, Host Intrusion Detection and Network Intrusion Detection signatures and switch updates. All updates are tested in a representative controls environment.
- Industrial NGFW provides protection profile updates that include IDS/IPS signatures for vulnerabilities.
- SIEM provides real-time capability that centrally alerts, logs and detects cyber security events, allowing operators to monitor unauthorized activity.

CIP Standards: Recovery Plans for BES Cyber Systems (CIP R1-R2)

Backup/recovery support:

- Centralized dashboard for backup and recovery includes backup status, recovery tasks and alerts for backup errors.
- Redundant set of MS Active Directory Domain Controllers includes one as a virtual machine and the other as a physical instance. If the primary or backup domain controller were to fail, the other instance would continue to authenticate authorized users.
- Use of Virtual Machines (VM) supports expedited backup and recovery when backups are executed per best practice.
- GE Latest Network Design includes complete redundant information flows through redundant ethernet and fiber cabling and hardware. All HMIs and controllers support redundant network connections.
- Centralized configuration backup and restoration of network devices includes alerting via SIEM when switch configurations change.
- Switches include stacking technology enabling a stacked pair to act as one switch, providing local built-in failover and recovery in the event of a switch failure. An unconfigured switch can be used to replace a failed switch in the stack, automatically uploading the running configuration from the surviving switch.
- GE switch configuration includes enhanced Quality of Service ensuring controls traffic (GE Unit Data Highway) has the highest priority.

Cyber Security for NERC CIP Version 5 Compliance

CIP Standards: Configuration Change Management & Vulnerability Assessments (CIP R1, R3)

GE support for security and NERC CIP 5 compliance:

- GE's CAP software update subscription supports patch change management compliance documentation by generating a report that shows the following:
  - Listing of applicable updates to your system
  - Status of the update (applied or missing)
  - Updated reference information, including patch number, bulletin ID and bulletin title
  - US Computer Emergency Readiness Team (US CERT) level of severity associated with update
  - Time required to apply update in the representative operational test environment and whether or not a reboot is required
- Achilles Industrial NGFW can monitor or block OT-specific protocols and commands not included in the baseline configuration, which will issue an alert to the SIEM.
- GE provides several options with regard to Passive and Active Vulnerability Assessments:
  - Wurldtech provides expertise needed to perform a NERC CIP Vulnerability Assessment at Responsible Entity site. Wurldtech follows a proven methodology tailored to industrial control, automation and other real-time systems. The result is a comprehensive assessment that will enable the Responsible Entity to mitigate immediate risks, while developing and implementing an effective long-term security strategy that will improve the overall security posture.
  - Performing an Active Vulnerability Assessment during Factory Acceptance Testing (FAT), before commissioning to Responsible Entity. Includes network discovery, port and service identification, vulnerability identification and remediation.
- Included with the CAP monthly patch and signature updates is an applicability report that shows which updates are applicable, their status (applied or unapplied), the severity ranking of the vulnerability and the time the update took to apply in a test environment.
- The CAP program also provides the Responsible Entity a paper listing of ports and services identification.

CIP Standards: Information Protection (CIP R1-R2)

- During the Secure Factory Acceptance Test (FAT), GE can provide the Responsible Entity complete information flow enforcement: the identification of the security of each information flow, why it is permitted or denied, including the configuration of flow enforcement policies via firewalls, switches and routers.
- During and after commissioning, GE uses a trusted delivery path with tamper evident seals on all packaging.
- After commissioning, the CAP Update Subscription Program includes tamper evident seals and an encrypted hash file. The hash file is used by the Responsible Entity to validate that the CD/DVD electronic contents are unaltered.
